Description

TECHNICAL FIELD 

The present invention relates generally to personal identification schemes and more particularly to a method and system for issuing authorized personal identification cards and for preventing unauthorized use thereof during transaction processing.

BACKGROUND OF THE INVENTION 

Password-based protection schemes for credit cards or other personal identification cards are well known in the prior art. Such cards typically include a memory comprising a magnetic tape or other storage media affixed to the card. They may also include a data processing capability in the form of a microprocessor and an associated control program. In operation, a card issuer initially stores in the memory a personal identification number, i.e., a secret password, as well as a value representing a maximum dollar amount. To effect a transaction, the card is placed in a terminal and the user is required to input his or her password. If the terminal verifies a match between the user-inputted password and the password stored on the card, the transaction is allowed to proceed. The value of the transaction is then subtracted from the value remaining on the card, and the resulting value represents the available user credit.

Techniques have also been described in the prior art for protecting against the illegitimate issuance of credit cards such as the type described above. In US Patent No 4,453,074 to Weinstein, each such card has stored therein a code which is the encryption of a concatenation of a user's secret password and a common reference text. The encryption is derived in an initialization terminal through the use of a private key associated with the public key of a public-key cryptosystem key pair. In operation, a cardholder presents his or her card to a transaction terminal. The terminal decrypts the stored code on the card in accordance with the public key of the public-key cryptosystem pair. A transaction is effected only if the stored code decrypts into the user password, inputted on a keyboard by the cardholder, and the common reference text.

While the method described in the Weinstein patent provides an adequate protection scheme for preventing the fraudulent issuance of credit cards, this scheme requires each user to have a secret or "private" password which must be memorized and inputted into the transaction terminal. Weinstein also requires additional circuitry for concatenating the user's secret password with the common reference text. This latter requirement, while purportedly required to insure the integrity of the protection scheme, increases the complexity and the cost of the system.



It would therefore be desirable to provide an improved method for issuing personal identification cards using a public-key cryptosystem in which a "secret" password need not be memorized by the authorized user or concatenated with a common reference text to maintain the system security.

According to one aspect of the present invention, there is provided a system for issuing authorized personal identification cards and for preventing unauthorized use thereof, comprising:

issuing terminal means for issuing a plurality of personal identification cards; each of said cards having stored therein a first data string with a portion thereof derived from a physical characteristic of an authorized user of the card, each of said cards also having stored therein a signature derived from a second data string using a private key of a public-key cryptosystem pair, the public-key cryptosystem pair also having a public key, the second data string being derived from the first data string using a predetermined one-way function and having a length substantially less than the length of the first data string; and

transaction terminal means including at least one transaction terminal for receiving a personal identification card offered to effect a transaction using the transaction terminal, the personal identification card having the first data string and a received signature stored therein, wherein the transaction terminal comprises means, using the public key of the public-key cryptosystem pair, for verifying that the received signature can be generated from the first data string, means responsive to the verifying means for generating a representation from the first data string, and means for displaying the representation and an indication of whether the received signature can be generated from the first data string to enable an operator of the transaction terminal to verify that the user of the offered personal identification card is authorized to effect a transaction.

It will be appreciated that it is very difficult to create a valid signature for any personal data without the proper private key, although it is simple for anyone to verify whether or not the signature for a password (first data string) on the card is authentic, even without the private key. Only a card issuer can thus make a valid card and only a user with matching personal characteristics can use the card.

In the preferred embodiment, the password includes data representing a pictorial representation of a physical characteristic (e.g., the face, fingerprint, voice sample or the like) of the authorized user. Alternatively, or in addition to the pictorial representation data, the password may contain other data pertinent to the user, such as the user's age, address, nationality, security clearance, bank account balance, employer, proof of ownership, or the like. The password may also include one or more codewords, each of the codewords authorizing a specific transaction such as permission to receive certain funds on a certain date, permission to see classified documents, permission to enter into a country on a certain date (i.e., a visa), attestation to perform certain acts, or the like. Although not meant to be limiting, the personal identification card may be a credit card, a driver's licence, a passport, a membership card, an age verification card, a bank card, a security clearance card, a corporate identification card or a national identification card.

The generation of the digital signature preferably includes the steps of multiplying the mapped password (the second data string) "Q" by each of the four factors ±1 modulo "M" and ±2 modulo "M", where M = P1P2. As used herein, "M" refers to the public key of the public-key cryptosystem pair and (P1,P2) refers to the private key thereof, where "P1" and "P2" are secret prime numbers which are preselected such that only one of the four values ±Q mod M and ±2Q mod M is a quadratic residue modulo "M". According to the digital signing routine, the four values ±Q mod M and ±2Q mod M are evaluated to determine which of these values is a quadratic residue modulo "M". The square root of the quadratic residue is then computed to generate the signature. Because the square root computation is extremely difficult to carry out without knowing the factorization of M into the secret prime numbers of the private key, unauthorized third parties are not capable of producing a card "signature" which, when digitally verified at the transaction terminal, can be shown to have been generated from the mapped password on the received personal identification card.

In accordance with another aspect of the present invention, there is provided a system for allowing authorized users of personal identification cards to effect transactions via at least one transaction terminal, comprising a plurality of cards each having stored therein a signature which is the digital signature of a second data string, the second data string being derived from a first data string derived from a physical characteristic associated with a respective user, the second data string being derived from the first data string using a predetermined one-way function and having a length substantially less than the length of the first data string, the signature stored in each of said cards having been derived with the same private key of a public-key cryptosystem pair also having a public key; and at least one transaction terminal having means for controlling:

(1) the retrieval of the first data string and the signature stored in an inserted card;

(2) the digital verification of the signature with the use of the public key of the public-key cryptosystem pair;

(3) the generation of a pictorial representation from the first data string; and

(4) the effecting of a transaction only if the signature is verified and the pictorial representation matches the user.

According to a further aspect of the present invention, there is provided a terminal for initializing personal identification cards to be used with at least one transaction terminal, each card having a memory therein, comprising means for assigning a first data string having a portion thereof which is derived from a physical characteristic of a user whose card is to be initialized, means for mapping the first data string with a predetermined one-way function to generate a second data string having a length substantially less than the length of the first data string, means for deriving a digital signature from the second data string, the signature of each user being derived with use of a private key of a public-key cryptosystem pair also having a public key, and means for controlling the storing in a user card of the respective derived digital signature.

According to a still further aspect of the present invention, there is provided a personal identification card for use in effecting transactions via at least one transaction terminal, comprising a body portion, a memory within said body portion for storing a signature, said signature being the digital signature of a second data string derived from a first data string having at least a portion thereof being derived from a physical characteristic of a respective card user, the second data string being derived from the first data string using a predetermined one-way function and having a length substantially less than the length of the first data string, wherein said signature is derived from the second data string with the private key of a public-key cryptosystem pair.

According to a yet further aspect of the present invention, there is provided a method for enabling an authorized user of a personal identification card to effect a transaction using a transaction terminal, the personal identification card having user-characteristic data derived from a physical characteristic of the authorized user and which need not be retained secret, and a signature of the user-characteristic data derived from a private key of a public-key cryptosystem pair, the public-key cryptosystem pair also including a public key, comprising the steps of:

receiving the personal identification card at the transaction terminal;

digitally verifying, using the public key, whether the signature on the personal identification card received at the transaction terminal can be generated from the user-characteristic data; and

if the signature can be generated from the user-characteristic data using the public key, displaying a representation of the user-characteristic data on a display of the transaction terminal to enable an operator thereof to verify that the user is authorised to effect a transaction using the personal card.
BRIEF DESCRIPTION OF THE DRAWINGS

For a more complete understanding of the present invention and the advantages thereof, reference is now made to the following Description taken in conjunction with the accompanying Drawings in which:

FIGURE 1 is a schematic representation of one type of personal identification card according to the invention, the card having a picture of a physical characteristic of an authorized user of the identification card;

FIGURE 1A is a diagrammatic representation of a portion of a magnetic stripe of the personal identification card of FIGURE 1 showing a "password" generated in part from the picture on the identification card;

FIGURE 2 is a general flowchart diagram of the preferred method of the present invention for issuing an authorized personal identification card such as shown in FIGURE 1;

FIGURE 3 is a detailed flowchart diagram of the digital signing routine of FIGURE 2;

FIGURE 3A is a flowchart diagram of a routine for selecting the secret prime numbers of the private key (P1,P2);

FIGURE 4 is a general flowchart diagram of the preferred method of the present invention for preventing unauthorized use of the personal identification card of FIGURE 1 which is issued according to the method of FIGURE 2;

FIGURE 5 is a detailed flowchart diagram of the digital verifying routine of FIGURE 4; and

FIGURE 6 is a block diagram of a representative multi-issuer system according to the present invention.

DETAILED DESCRIPTION 

With reference now to the drawings wherein like reference numerals designate like or similar parts or steps, FIGURE 1 is a schematic representation of a personal identification card 10 for use according to the present invention for effecting transactions via a transaction terminal. As noted above, the term "personal identification card" according to the present invention is to be read expansively and is deemed to cover credit cards or other commonly known forms of identification such as a passport, a driver's license, a membership card, an age identification card, a security clearance card, a corporate identification card, a national identification card, or the like.

Personal identification card 10 in FIGURE 1 is a driver's license. Card 10 includes a body portion 12 having a display 14 and a memory 16. Although not meant to be limiting, the memory 16 is preferably a magnetic stripe or similar media, or an electronic memory such as a PROM, affixed to or embedded in the card in a known manner. The personal identification card may or may not include an integral microprocessor embedded in the body portion. As seen in FIGURE 1, the display 14 of the personal identification card 10 supports a pictorial representation 18 of a physical characteristic of the authorized user, e.g., the user's face. Of course, the display 14 may also display pictorial representations of other physical features of the user such as the user's fingerprint or palm print.

Referring now to FIGURE 1A, according to the present invention the memory 16 of the personal identification card 10 preferably includes a "password" 20 unique to the authorized user and having a portion 20a thereof which is generated from a representation of some non-secret or "public" characteristic of the user. As used herein, the term "non-secret" refers to the fact that the representation of the authorized user, such as the user's face, is readily ascertainable by viewing and comparing the personal identification card and the authorized user directly. In the preferred embodiment, the section 20a of the password is a digital bitstream representing a digitized version of the pictorial representation 18 on the personal identification card 10.

As also seen in FIGURE 1A, the password 20 may include a portion 20b having data representing one or more personal facts about the authorized user such as the user's age, address, nationality, security clearance, employer, bank account balance, eye colour, height, weight, mother's maiden name, or any other such information. This information may or may not be public. Moreover, the password 20 may further include a portion 20c having one or more codewords, each of the codewords authorizing a specific transaction such as permission to enter a country on a certain date, permission to receive certain funds on a certain date, permission to review certain classified documents, or one or more other such specific transactions. Of course, the password 20 may include one or more of the predetermined types of data, 20a, 20b, and/or 20c, shown in FIGURE 1A.

As also seen in FIGURE 1A, the memory 16 of the personal identification card 10 also includes a signature 22, which, as will be described in more detail below, is derived from the password 20 using the private key of a "public-key cryptosystem" key pair. A "public-key cryptosystem" is a well known security scheme which includes two "keys", one key which is public (or at least the key-pair owner does not really care if it becomes public) and one key which is private or non-public. All such public-key cryptosystem pairs include a common feature: the private key cannot be determined from the public key.

Referring now to FIGURE 2, a general flowchart diagram is shown of the preferred method of the present invention for issuing an authorized personal identification card 10 such as shown in FIGURE 1. At step 30, the card issuer collects the necessary personal data from a card applicant. Although not meant to be limiting, this data preferably includes a pictorial representation of a physical characteristic of the authorized user. For example, the data may include a photograph of the card applicant. At step 32, the photograph, other personal data and/or code authorizations are processed to generate a password as described above in FIGURE 1A.

At step 34, the password is mapped with a predetermined one-way function "F" to generate a mapped password "Q" which may have a length substantially less than the length of the password. This "mapping" step is typically required to reduce the length of the digital bitstream comprising the password, especially when a digitized photograph of the authorized user is stored therein. By way of example only, the predetermined one-way function "F" may be any one or more of several well-known hashing functions such as one obtainable from the DES scheme or the Goldwasser, Micali & Rivest scheme. Alternatively, the function "F" may be an identity function which simply transfers the password through step 34 without modification. The identity function might be used where the password length is sufficiently smaller than the available storage capability of the memory 16.

At step 36, the method continues to "digitally sign" the mapped password "Q" with a private key (P1,P2) of a public-key cryptosystem pair to generate a so-called "signature". As will be described in more detail below, in the preferred embodiment "P1" and "P2" are secret prime numbers and the public-key cryptosystem pair includes a public key "M" which is equal to "P1P2". At step 38, the method encodes the password (as opposed to the mapped password) and the signature with an error-correcting code to generate an encoded password/signature. Step 38 insures that the card 10 will be usable even if some of its data is destroyed. At step 40, the encoded password/signature is stored on the personal identification card in the manner substantially as shown in FIGURE 1A.

Although not shown in detail in FIGURE 2, it should be appreciated that the card issuer may digitally sign one or more digital signatures on the card 10 at one or more different times using different public-key cryptosystem pair keys. The card could then function as a passport with each signature derived from a different cryptosystem key pair corresponding to a different country (i.e., a visa). It may also be desirable in the method of FIGURE 2 to include an additional encryption step wherein the password is encrypted with a predetermined function prior to the mapping step and/or where the signature itself is encrypted. This enables the card to carry information which is desired to be maintained highly confidential even if the card were lost or stolen.

Referring now to FIGURE 3, a detailed flowchart diagram is shown of the preferred digital signing routine of the present invention. As described above, "M" is the public key of the public-key cryptosystem and (P1,P2) is the private key thereof. According to the routine, the secret prime numbers "P1" and "P2" are selected at step 42 such that when the mapped password Q is multiplied by four predetermined factors, ±1 modulo "M" and ±2 modulo "M", one and only one of the resulting values ±Q mod M and ±2Q mod M is a quadratic residue modulo "M". The security of the preferred digital signing routine is based primarily on the fact that it is extremely difficult to compute the square root of the quadratic residue modulo "M" without knowing the factorization of M = P1P2.

Referring back to FIGURE 3, at step 44 the mapped password "Q" is multiplied by each of the factors ±1 mod M and ±2 mod M. The routine continues at step 46, wherein each of the resulting values ±Q mod M and ±2Q mod M is evaluated to locate the quadratic residue mod "M". When this value is located, the routine computes the square root thereof at step 48 to generate the digital signature.

Although not shown in detail, it should be appreciated that the private key may include any number of secret prime numbers (P1, P2, P3, ..., Pn). Preferably, the secret prime numbers are selected according to the routine shown in FIGURE 3A. At step 35, an n-bit random number "X1" is generated. The number of bits "n" needs to be large enough (e.g., 250 bits) such that it is difficult to factor "M". At step 37, X1 is incremented to be congruent to a predetermined value, e.g., "3 mod 8". At step 39, a test is made to determine if X1 is prime. If so, then the routine continues at step 41 by setting X1 = P1. If X1 is not prime, then X1 is incremented at step 43 (by setting X1 = X1 + 8) and the routine returns to step 39. Once P1 is selected, the routine continues at step 45 to generate another n-bit random number "X2". At step 47, X2 is incremented to be congruent with a second predetermined value, e.g., "7 mod 8". At step 49, a test is made to determine if X2 is prime. If so, then the routine continues at step 51 by setting X2 = P2. If X2 is not prime, then X2 is incremented at step 53 (by setting X2 = X2 + 8) and the routine returns to step 49. Once P2 is selected, the public key "M" is set equal to P1P2 at step 55.

It is also desirable to store P1 and P2 in the issuing terminal responsible for computing signatures. Moreover, it is possible to distribute the private key (P1,P2) from one terminal to another without any person being able to discern the key by using another public-key cryptosystem pair (for which the private key is known only to the receiving terminal). Moreover, while the digital signing routine of FIGURE 3 is preferred, other schemes, such as RSA, the Goldwasser, Micali & Rivest scheme and/or the Rabin scheme, may be used. Such schemes may also require knowledge of the public key, although the routine of FIGURE 3 does not. In any case, the process of generating the "signature" is fast if the private key is known but is prohibitively slow otherwise. Any attempt to issue counterfeit cards is complicated further by the use of a one-way function "F" to hash the password into the mapped password "Q". In this way, it becomes virtually impossible for a counterfeiter to mount a chosen-text attack on the card generation scheme even if the counterfeiter could somehow obtain signatures for fake personal data.

Referring now to FIGURE 4, a general flowchart diagram is shown of a preferred method for preventing unauthorized use of the personal identification card 10 issued according to the routines of FIGURES 2-3. At step 50, the personal identification card is received at a transaction terminal. At step 52, the encoded password/signature is decoded to generate a received password and a received signature. Preferably, the method includes a step 54 wherein errors in the received password and received signature are corrected in accordance with well-known techniques. At step 56, the received password is mapped, with the same predetermined function "F" used at the issuing terminal, to generate a mapped password "Qr" for the received personal identification card.

The routine then continues at step 58 to verify that the received signature is "valid". In particular, the method digitally verifies, using the public key of the public-key cryptosystem pair, whether the received signature can be generated from the mapped password "Qr". If so, the method continues at step 60 to generate an indication that the received signature is valid. At step 62, a representation is generated from data in the received password. This representation will be a picture if the original password stored on the card included a digitized photograph of the authorized cardholder. Of course, step 62 can be performed in parallel with steps 58 and 60 so that the picture is immediately displayed while the signature verification takes place. Referring back to FIGURE 4, at step 64, the method displays either the pictorial representation or the indication, or both, on a display of the transaction terminal. This display is then verified by an operator of the terminal at step 66 to insure that the cardholder is authorized to effect a transaction.

It should be appreciated that the personal identification card generated according to the method of FIGURE 2 can be used in any situation requiring user identification. For example, and not by way of limitation, the authorized user can present the card to an authorized salesperson for charging a purchase. The salesperson would enter the card into the transaction terminal which is capable of reading the data from the card's memory, verifying that the (digital) signature on the card is valid, and displaying on the display screen information derived from the password. The salesperson can therefore be assured that the cardholder's identity is as claimed and proceed with the charge.

Referring now to FIGURE 5, a detailed flowchart is shown of the preferred digital verification routine of FIGURE 3. At step 68, the routine multiplies the mapped password "Qr" from the received personal identification card by each of the factors ±1 mod M and ±2 mod M. The method continues at step 70 by squaring modulo "M" the received signature to generate a value "X". At step 72, a test is made to determine whether "X" equals either ±Qr mod M or ±2Qr mod M. If so, the routine continues at step 74 to generate the indication that the received signature is valid. If "X" does not equal any one of these four values, the signature is invalid and the transaction is inhibited.
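The prime selection of FIGURE 3A, the signing routine of FIGURE 3 and the verification routine of FIGURE 5, worked through end to end in Python as an added example; this is not code from the patent, which specifies no implementation. It assumes SHA-256 as the one-way function "F" (the patent names DES- or Goldwasser-Micali-Rivest-based hashes; the substitution is an assumption), a probabilistic Miller-Rabin test for the primality checks of steps 39 and 49, and the patent's example congruences P1 = 3 mod 8 and P2 = 7 mod 8. Those congruences are what make exactly one of ±Q, ±2Q a quadratic residue: -1 is a non-residue modulo both primes, and 2 is a non-residue modulo P1 but a residue modulo P2, so the four products run through all four sign patterns of the two Legendre symbols and exactly one pattern is (+,+). The key size, the function names and the sample password bytes are constructed for the demonstration.

```python
import hashlib
import random
from math import gcd

# Added example, not code from the patent. Square-root ("Rabin-type") signature of
# FIGURES 3/3A and its verification per FIGURE 5.


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin primality test (stands in for the prime tests of steps 39 and 49)."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = random.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def next_prime_congruent(x: int, residue: int, modulus: int = 8) -> int:
    """Steps 37-43 / 47-53: lift x to the wanted residue mod 8, then step by 8 until prime."""
    x += (residue - x) % modulus
    while not is_probable_prime(x):
        x += modulus
    return x


def generate_keypair(nbits: int = 256, rng=random):
    """FIGURE 3A: P1 = 3 mod 8 and P2 = 7 mod 8 (steps 35-53); public key M = P1*P2 (step 55)."""
    x1 = rng.getrandbits(nbits) | (1 << (nbits - 1))  # step 35; top bit set so P1 has full size
    p1 = next_prime_congruent(x1, 3)                   # steps 37-43
    x2 = rng.getrandbits(nbits) | (1 << (nbits - 1))  # step 45
    p2 = next_prime_congruent(x2, 7)                   # steps 47-53
    return (p1, p2), p1 * p2                           # step 55


def map_password(password: bytes, m: int) -> int:
    """One-way function F of step 34 (assumed: SHA-256), giving the mapped password Q < M."""
    return int.from_bytes(hashlib.sha256(password).digest(), "big") % m


def legendre(a: int, p: int) -> int:
    """Euler's criterion: 1 if a is a quadratic residue mod prime p, p-1 if not, 0 if p divides a."""
    return pow(a, (p - 1) // 2, p)


def residue_count(q: int, private_key: tuple) -> int:
    """Number of quadratic residues mod M among +/-Q, +/-2Q (the design requires exactly one)."""
    p1, p2 = private_key
    m = p1 * p2
    return sum(1 for f in (1, -1, 2, -2)
               if legendre((f * q) % m, p1) == 1 and legendre((f * q) % m, p2) == 1)


def sign(q: int, private_key: tuple) -> int:
    """FIGURE 3, steps 44-48: pick the residue among +/-Q, +/-2Q mod M and take its square root."""
    p1, p2 = private_key
    m = p1 * p2
    if gcd(q, m) != 1:
        raise ValueError("Q shares a factor with M; the unique-residue property does not hold")
    for factor in (1, -1, 2, -2):                                # step 44
        v = (factor * q) % m
        if legendre(v, p1) == 1 and legendre(v, p2) == 1:        # step 46
            # step 48: for a prime p = 3 mod 4, sqrt(v) = v^((p+1)/4) mod p; combine by the CRT
            r1 = pow(v, (p1 + 1) // 4, p1)
            r2 = pow(v, (p2 + 1) // 4, p2)
            s = (r1 * p2 * pow(p2, -1, p1) + r2 * p1 * pow(p1, -1, p2)) % m
            assert pow(s, 2, m) == v
            return s
    raise AssertionError("unreachable when P1 = 3 mod 8, P2 = 7 mod 8 and gcd(Q, M) = 1")


def verify(q_received: int, signature: int, m: int) -> bool:
    """FIGURE 5, steps 68-72: X = s^2 mod M must equal one of +/-Qr, +/-2Qr mod M."""
    candidates = {(f * q_received) % m for f in (1, -1, 2, -2)}  # step 68
    x = pow(signature, 2, m)                                      # step 70
    return x in candidates                                        # step 72


if __name__ == "__main__":
    private_key, public_key = generate_keypair(256, random.Random(2024))  # seeded: demo only
    password = b"constructed password: digitized photo bytes + DOB"        # constructed sample
    q = map_password(password, public_key)
    s = sign(q, private_key)
    print("signature valid:", verify(q, s, public_key))
    forged_q = map_password(password + b" tampered", public_key)
    print("altered password rejected:", not verify(forged_q, s, public_key))
```

The verifier needs only M, which is why the public key can sit in every transaction terminal; the issuer keeps (P1,P2) because the square root in step 48 is the one operation that requires the factorization. Step 38 (error-correcting encoding of the stored password/signature) is outside this example, and a production modulus would be far larger than the demonstration size.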

Of course, the method and system of the present invention is easily adaptable to a multi-issuer scenario where several parties desire to issue cards using different cryptosystem pairs, but where verifiers (i.e., operators of transaction terminals) need to authenticate a card from any of the issuers. This can be accomplished by encoding the public key used by each issuer into each transaction terminal and then requiring the operator thereof to enter into the terminal both the identity of the issuer along with the card itself; alternatively, the identity of the card issuer can be encoded on the card. This type of system is shown in FIGURE 6, wherein a plurality of issuing terminals 76a...76n are provided for one or more independent issuers of authorized personal identification cards. Each of the independent issuers is assigned or selects a distinctive public-key cryptosystem pair unknown to the other issuers. As noted above, the public key of each such pair is then encoded into each of the one or more transaction terminals 78a...78n which are shared by all of the issuers.
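A shared transaction terminal of the FIGURE 6 kind, as an added example that is not part of the patent: the terminal holds one public key M per issuer, reads the issuer identity encoded on the card (the patent's second alternative), and verifies the square-root signature under that issuer's key only. The one-way function "F" is taken as the identity function, which the patent permits, so Q is simply the stored password as an integer. The two issuers' moduli (P1=11, P2=23 giving M=253; P1=19, P2=7 giving M=133) and the two card signatures are constructed toy values checked by hand: 144^2 = 20736 = 243 (mod 253) = -2·5, and 79^2 = 6241 = 123 (mod 133) = -2·5. They are far too small for real use and only illustrate the key-selection logic.

```python
from typing import NamedTuple, Optional

# Added example, not from the patent: FIGURE 6 style terminal with one public key per issuer.
# All numbers below are constructed toy parameters, hand-checked, not secure at this size.


class Card(NamedTuple):
    issuer_id: str   # issuer identity encoded on the card (patent's alternative to operator entry)
    password: int    # first data string; F is the identity function here, so Q = password
    signature: int   # square root of one of +/-Q, +/-2Q modulo the issuer's M


# Public keys loaded into the shared terminal, one per independent issuer (constructed).
# Issuer "A": P1=11, P2=23, M=253.  Issuer "B": P1=19, P2=7, M=133.
ISSUER_PUBLIC_KEYS = {"A": 253, "B": 133}


def square_root_signature_valid(q: int, signature: int, m: int) -> bool:
    """FIGURE 5 check: s^2 mod M must be one of +/-Q, +/-2Q mod M."""
    return pow(signature, 2, m) in {(f * q) % m for f in (1, -1, 2, -2)}


def terminal_verify(card: Card, registry: dict) -> tuple:
    """Select the public key by the issuer identity on the card, then verify under that key only."""
    m: Optional[int] = registry.get(card.issuer_id)
    if m is None:
        return False, "unknown issuer: no public key loaded in this terminal"
    if square_root_signature_valid(card.password, card.signature, m):
        return True, f"signature valid under issuer {card.issuer_id}"
    return False, f"signature invalid under issuer {card.issuer_id}"


# Constructed cards: 144^2 = 243 = -2*5 (mod 253); 79^2 = 123 = -2*5 (mod 133).
CARD_A = Card("A", 5, 144)
CARD_B = Card("B", 5, 79)


if __name__ == "__main__":
    for card in (CARD_A, CARD_B, Card("B", 5, 144), Card("Z", 5, 144), Card("A", 6, 144)):
        print(card, "->", terminal_verify(card, ISSUER_PUBLIC_KEYS))
```

The relabelled card (issuer "A"'s signature presented as issuer "B") and the card naming an issuer the terminal does not know are both refused, which is the point of binding verification to the issuer identity rather than trying every loaded key: a signature is only ever checked against the modulus of the issuer the card claims.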

The system of FIGURE 6 is useful for passport control, national identification cards, or multi-company credit cards, although such applications are not meant to be limiting. In operation of a passport system, for example, each country would have complete autonomy over the personal identification cards it issues, but a single transaction terminal would be used to authenticate the signature (which could include a visa) of any country.

Although not described in detail, it can be appreciated by those skilled in the art that the method and system of the present invention can be readily implemented with preexisting hardware and software. In the preferred embodiment, and as shown in FIGURE 6, each of the issuing terminals 76 includes a microcomputer 80 and associated memory devices 82 for storing operating programs and application programs for carrying out the method steps of FIGURE 2. Input/output devices, such as a keyboard 84 and display 86, are provided for interfacing the terminal to the card issuer. Of course, one or more of the method steps (e.g., the digital signing step, the mapping step and the encoding step) can be implemented in either gate array logic chips or software. Likewise, each of the transaction terminals 78 preferably includes a microprocessor 88, associated memory 90, and appropriate input/output devices such as card reader 92, keyboard 94 and display 96.

While the above discussion relates specifically to protection schemes for personal identification cards, it should be appreciated that the password/signature security routines of the present invention may also be used where the personal data is transmitted over a communications channel as opposed to being stored on an identification card per se. Returning back to FIGURE 6, this aspect of the invention is achieved by providing a communications channel 100, e.g., a telephone link via modems, between an issuing terminal 76b and a transaction terminal 78a.

In operation, the method steps of FIGURE 2 would be the same as previously described except that step 40 is deleted and a step of transmitting the encoded password/signature over the communications channel 100 is substituted therefor. Likewise, step 50 of the verification routine in FIGURE 4 is deleted and is substituted with a step whereby the information provided over the communications channel 100 is received at the transaction terminal and then processed according to the remainder of the steps in FIGURE 4. In this way, the password/signature method is used for personal identification where the medium for supporting and transmitting the password and the signature is the communications channel itself rather than the identification card.

Although the invention has been described and illustrated in detail, the same is by way of example only and should not be taken by way of limitation.



Claims 

1. A system for issuing authorized personal identification cards (10) and for preventing unauthorized use thereof, comprising:

issuing terminal means (76) for issuing a plurality of personal identification cards (10); each of said cards having stored therein a first data string (20) with a portion (20a) thereof derived from a physical characteristic of an authorized user of the card, each of said cards (10) also having stored therein a signature (22) derived from a second data string (Q) using a private key (P1P2) of a public-key cryptosystem pair, the public-key cryptosystem pair also having a public key (M), the second data string (Q) being derived from the first data string (20) using a predetermined one-way function (F) and having a length substantially less than the length of the first data string (20); and

transaction terminal means (78) including at least one transaction terminal for receiving a personal identification card (10) offered to effect a transaction using the transaction terminal, the personal identification card (10) having the first data string (20) and a received signature (22) stored therein, wherein the transaction terminal (78) comprises means, using the public key (M) of the public-key cryptosystem pair, for verifying that the received signature (22) can be generated from the first data string (20), means responsive to the verifying means for generating a representation from the first data string, and means for displaying (96) the representation and an indication of whether the received signature (22) can be generated from the first data string (20) to enable an operator of the transaction terminal (78) to verify that the user of the offered personal identification card (10) is authorized to effect a transaction.

2. A system according to Claim 1 , wherein the issu- 
ing terminal means (76) includes at least one is- 
suing terminal for one or more independent Issu- 
20 ers of authorized personal identification cards 

(10), each of the independent issuers having a 
distinctive public-key cryptosystem pair unknown 
to the other issuers. 

25 3. A system for allowing authorized users of person- 
al identification cards (10) to effect transactions 
via at least one transaction terminal (78), com- 
prising a plurality of cards (10) each having stor- 
ed therein a signature (22) which is the digital sig- 
30 nature of a second data string (Q), the second 

data string (Q) being derived from a first data 
string (20) derived from a physical characteristic 
associated with a respective user, the second 
data string (Q) being derived from the first data 
35 string (20) using a predetermined one-way func- 

tion (F) and having a length substantially less 
than the length of the first data string (20), the 
signature (22) stored in each of said cards (10) 
having been derived with the same private key 
40 (Pi»P2) of a public-key cryptosystem pair also 

having a public key (M); and at least one transac- 
tion terminal (78) having means for controlling: 
(1) the retrieval of the first data string (20) and 
the signature (22) stored in an inserted card; 
45 (2) the digital verification of the signature (22) 

with the use of the public key (M) of the public- 
key cryptosystem pair; 
(3) the generation of a pictorial representation 
from the first data string (20); and 
50 (4) the effecting of a transaction only if the 

signature (22) is verified and the pictorial rep- 
resentation matches the user. 

4. A terminal (76) for initializing personal identif ica- 
55 tion cards (1 0) to be used with at least one trans- 

action terminal (78), each card (10) having a 
memory (16) therein, comprising means for as- 
signing a first data string (20) having a portion 
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(20a) thereof which is derived from a physical 
characteristic of a user whose card is to be initial- 
ized, means for mapping the first data string (20) 
with a predetermined one-way function (F) to 
generate a second data string (Q) having a length 5 
substantially less than the length of the first data 
string (20), means for deriving a digital signature 
(22) from the second data string (Q), the signa- 
ture of each user being derived with use of a pri- 
vate key (Pi,P2) of a public-key cryptosystem pair 10 
also having a public key (M), and means for con- 
trolling the storing in a user card (10) of the re- 
spective derived digital signature (22). 

5. A personal identification card (10) for use in ef- is 
fecting transactions via at least one transaction 
terminal (78), comprising a body portion (12), a 
memory (16) within said body portion for storing 

a signature (22), said signature (22) being the 
digital signature of a second data string (Q) de- 20 
rived from a first data string (20) having at least 
a portion (20a) thereof being derived from a phys- 
ical characteristic of a respective card user, the 
second data string (Q) being derived from the 
first data string (20) using a predetermined one- 25 
way function (F) and having a length substantially 
less than the length of the first data string (20), 
wherein said signature (22) is derived from the 
second data string (Q) with the private key (Pi,P2) 
of a public-key cryptosystem pair. 30 

6. A method for enabling an authorized user of a 
personal identification card (1 0) to effect a trans- 
action using a transaction terminal (78), the per- 
sonal identification card (10) having user- 35 
characteristic data (20) derived from a physical 
characteristic of the authorized user and which 
need not be retained secret, and a signature (22) 

of the user-characteristic data (20) derived from 
a private key (Pi,P2) of a public-key cryptosystem 40 
pair, the public-key cryptosystem pair also includ- 
ing a public key (M), comprising the steps of: 

receiving the personal identification card 
(10) at the transaction terminal (78); 

digitally verifying, using the public key (M), 45 
whether the signature (22) on the personal iden- 
tification card (10) received at the transaction 
terminal (78) can be generated from the user- 
characteristic data (20); and 

if the signature (22) can be generated 50 
from the user-characteristic data (20) using the 
public key (M), displaying a representation of the 
user-characteristic data (20) on a display (96) of 
the transaction terminal (78) to enable an opera- 
tor thereof to verify that the user is authorised to 55 
effect a transaction using the personal card. 

7. A method according to Claim 6, wherein both a 



representation of said physical characteristic of 
the authorized user, and an indication of the val- 
idity status of the signature (22) on the personal 
identification card (10) are displayed on a display 
of said transaction terminal (78), said represen- 
tation being generated from the user- 
characteristic data (20) on the personal identifi- 
cation card (10). 

8. A method according to Claim 6 or 7, wherein said 
signature (22) of the user-characteristic data (20) 
is derived by: 

(i) generating an intermediate data string (Q) 
from the user-characteristic data using a pre- 
determined one-way function (F), the inter- 
mediate data string (Q) being substantially 
smaller in size than said user-characteristic 
data; and 

(ii) deriving said signature (22) from said inter- 
mediate data string (Q) using said private key 
(P1.P2). 
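The issuing and verification flow of Claims 1, 4 and 6 (hash the non-secret card data (20) with the one-way function F to obtain Q, sign Q with the private key (P1,P2), verify at the transaction terminal with the public key M alone, and only then release the representation to the operator), as an added Python example that is not part of the patent. The patent does not fix the cryptosystem; the Rabin-style choice M = P1*P2, SHA-256 as F, and the sample card data are all assumptions made here.

```python
import hashlib

# Added example, not the patent's own code. Constructed toy parameters for a
# factorization-based (Rabin-style) scheme, chosen because the claims name the
# private key as a pair (P1,P2) and the public key as a single value M; the
# patent does not fix the cryptosystem, so M = P1*P2 is an assumption.
# Both primes are Mersenne primes congruent to 3 mod 4, which makes a square
# root mod P1 or P2 a single modular exponentiation.
P1 = (1 << 61) - 1
P2 = (1 << 89) - 1
M = P1 * P2            # public key (M), about 150 bits


def one_way_function(first_data_string: bytes, counter: int) -> int:
    """F: map the long first data string (20) to a short second data string (Q).
    Assumes SHA-256 truncated to 128 bits (so Q < M); the counter is appended
    so the signer can re-hash until Q is a square modulo M, which Rabin needs."""
    digest = hashlib.sha256(first_data_string + counter.to_bytes(4, "big")).digest()
    return int.from_bytes(digest[:16], "big")


def _is_square_mod_prime(q: int, p: int) -> bool:
    # Euler's criterion: q is a non-zero square mod p iff q^((p-1)/2) == 1 mod p.
    return pow(q % p, (p - 1) // 2, p) == 1


def _sqrt_mod_prime(q: int, p: int) -> int:
    # For p = 3 (mod 4), q^((p+1)/4) is a square root of a square q mod p.
    return pow(q % p, (p + 1) // 4, p)


def sign(first_data_string: bytes) -> tuple:
    """Issuing terminal (76): derive signature (22) with the private key (P1,P2).
    Returns (root, counter) such that root^2 mod M == F(data, counter)."""
    counter = 0
    while True:
        q = one_way_function(first_data_string, counter)
        if _is_square_mod_prime(q, P1) and _is_square_mod_prime(q, P2):
            break
        counter += 1        # about one hash in four is a square mod both primes
    r1, r2 = _sqrt_mod_prime(q, P1), _sqrt_mod_prime(q, P2)
    # Chinese remainder theorem: combine the two roots into one root mod M.
    t = ((r2 - r1) * pow(P1, -1, P2)) % P2
    return (r1 + P1 * t) % M, counter


def verify(first_data_string: bytes, signature: tuple, public_key: int = M) -> bool:
    """Transaction terminal (78): check, using the public key M only, that the
    received signature (22) can be generated from the first data string (20).
    A per-issuer M (Claim 2) is passed in as public_key."""
    root, counter = signature
    if not 0 < root < public_key:
        return False
    return pow(root, 2, public_key) == one_way_function(first_data_string, counter)


def issue_card(first_data_string: bytes) -> dict:
    """Card (10): holds the non-secret data (20) beside its signature (22)."""
    return {"first_data_string": first_data_string, "signature": sign(first_data_string)}


def transaction_terminal_check(card: dict) -> tuple:
    """Claim 6 flow: verify first; hand the representation (here the raw data
    (20) itself) to the operator's display only when the signature holds."""
    valid = verify(card["first_data_string"], card["signature"])
    return valid, (card["first_data_string"] if valid else None)


# Constructed sample: a stand-in for identity fields plus a digitized photo.
SAMPLE_USER_DATA = b"name=A. Example;issuer=bank-01;photo=" + bytes(range(256)) * 4

if __name__ == "__main__":
    card = issue_card(SAMPLE_USER_DATA)
    print("genuine card:", transaction_terminal_check(card)[0])    # True
    altered = dict(card, first_data_string=card["first_data_string"] + b"x")
    print("altered data:", transaction_terminal_check(altered)[0])  # False
```

Because the data (20) on the card is not secret, the protection rests entirely on the terminal refusing to display anything until the signature check with M passes; altering the photo bytes or transplanting a signature onto another card's data fails that check.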



Patentansprüche (claims, translated from the German)

1. System for issuing authorized personal identification cards (10) and for preventing their unauthorized use, comprising:

an issuing terminal (76) for issuing a plurality of personal identification cards (10), wherein a first data string (20) with a portion (20a) derived from physical characteristics of an authorized user of the card is stored on each of the cards, wherein each of the cards (10) further has stored thereon a signature (22) derived from a second data string (Q) using a private key (P1, P2) of a public-key cryptosystem pair, wherein the public-key cryptosystem pair also has a public key (M), wherein the second data string (Q) is derived from the first data string (20) by using a predetermined one-way function (F) and has a length substantially smaller than the length of the first data string (20); and with a transaction terminal (78) comprising at least one transaction terminal for receiving a personal identification card (10) with which a transaction is possible using the transaction terminal, wherein the personal identification card (10) contains a first data string (20) and a signature (22) received therein, wherein the transaction terminal (78) contains means which use the public key (M) of the public-key cryptosystem pair to ensure that the received signature (22) can be derived from the first data string (20), means responsive to the verification means for generating a representation from the first data string, and means for displaying (96) the representation and an indication of whether the received signature (22) can be generated from the first data string (20), in order to confirm to an operator of the transaction terminal (78) that the user of the offered personal identification card (10) is authorized to effect the transaction.

2. System according to Claim 1, in which the issuing terminal (76) contains at least one issuing terminal for one or more independent issuers of authorized personal identification cards (10), wherein each of the independent issuers uses a particular public-key cryptosystem pair which is unknown to the other issuers.

3. System for enabling authorized users of personal identification cards (10) to effect a transaction via at least one transaction terminal (78), comprising a plurality of cards (10) each having a signature (22) which is the digital signature of a second data string (Q), wherein the second data string (Q) is derived from a first data string (20) which is derived from physical characteristics relating to the respective user, and wherein the second data string (Q) is derived from the first data string (20) using a predetermined one-way function (F) and has a length substantially smaller than the length of the first data string (20), wherein the signature (22) stored in each of the cards (10) is derived with the same private key (P1, P2) of a public-key cryptosystem pair which also has a public key (M), and with at least one transaction terminal (78) having means for controlling

(1) the retrieval of the first data string (20) and of the signature (22) stored on the card,

(2) the digital verification of the signature (22) using the public key (M) of the public-key cryptosystem pair,

(3) the generation of a pictorial representation from the first data string (20), and

(4) the effecting of a transaction only if the signature (22) is verified and the pictorial representation corresponds to the user.

4. Terminal (76) for initializing personal identification cards (10) for use with at least one transaction terminal (78), wherein each card (10) contains a memory (16), with means for assigning a first data string (20) having a portion (20a) derived from physical characteristics of a user whose card is to be initialized, means for mapping the first data string (20) with a predetermined one-way function (F) to generate a second data string (Q) having a length substantially smaller than the length of the first data string (20), means for deriving a digital signature (22) from the second data string (Q), wherein the signature of each user is derived using a private key (P1, P2) of a public-key cryptosystem pair which also has a public key (M), and means for controlling the storage on the user card (10) of the correspondingly derived digital signature (22).

5. A personal identification card (10) for use in effecting transactions via at least one transaction terminal (78), comprising a body (12), a memory (16) within the body portion for storing a signature (22), wherein the signature (22) is the digital signature of a second data string (Q) derived from a first data string (20) having at least a portion (20a) derived from a physical characteristic of the respective card user, wherein the second data string (Q) is derived from the first data string (20) using a predetermined one-way function (F) and has a length substantially smaller than the length of the first data string (20), and wherein the signature (22) is derived from the second data string (Q) with the private key (P1, P2) of a public-key cryptosystem.

6. Method for effecting a transaction by an authorized user of a personal identification card (10) using a transaction terminal (78), wherein the personal identification card (10) contains user-characteristic data (20) derived from physical characteristics of the authorized user and not required to be kept secret, and a signature (22) of the user-characteristic data (20) derived from a private key (P1, P2) of a public-key cryptosystem pair, the public-key cryptosystem pair also containing a public key (M), comprising the steps of: receiving the personal identification card (10) at the transaction terminal (78); digitally verifying, using the public key (M), whether the signature (22) on the personal identification card (10) received by the transaction terminal (78) can be generated from the user-characteristic data (20); and, if the signature (22) can be derived from the user-characteristic data (20) using the public key (M), displaying a representation of the user-characteristic data (20) on a display (96) of the transaction terminal (78) to enable its operator to verify that the user is authorized to effect a transaction using the personal card.

7. Method according to Claim 6, in which both a representation of the physical characteristics of the authorized user and an indication of the validity status of the signature (22) on the personal identification card (10) are displayed on a display of the transaction terminal (78), wherein the representation is generated from the user-characteristic data (20) on the personal identification card (10).

8. Method according to Claim 6 or 7, in which the signature (22) of the user-characteristic data (20) is derived by

(i) generating an intermediate data string (Q) from the user-characteristic data using a predetermined one-way function (F), wherein the intermediate data string (Q) is substantially smaller in size than the user-characteristic data, and

(ii) deriving the signature (22) from the intermediate data string (Q) using a private key (P1, P2).



Revendications (claims, translated from the French)

1. System for issuing authorized personal identification cards (10) and for preventing their use by unauthorized persons, comprising:

issuing terminal means (76) for issuing a plurality of personal identification cards (10); each of said cards having stored therein a first data string (20), with a portion (20a) thereof derived from a physical characteristic of an authorized user of the card, each of said cards (10) also having stored therein a digital signature (22) derived from a second data string (Q) using a private key (P1, P2) of a public-key cryptosystem pair, the public-key cryptosystem also having a public key (M), the second data string (Q) being derived from the first data string (20) by means of a predetermined one-way function (F) and having a length substantially less than the length of the first data string (20); and

transaction terminal means (78), comprising at least one transaction terminal intended to receive a personal identification card (10) presented in order to effect a transaction by means of a transaction terminal, the personal identification card (10) having the first data string (20) and a received signature (22) stored therein, in which the transaction terminal (78) comprises means, using the public key (M) of the public-key cryptosystem pair, for verifying that the received signature (22) can be produced from the first data string (20), means responsive to the verification means for producing a representation from the first data string, and means (96) for displaying the representation and an indication that the received signature (22) can be produced from the first data string (20), in order to allow an operator of the transaction terminal (78) to verify that the user of the presented personal identification card (10) is authorized to effect a transaction.

2. System according to Claim 1, in which the issuing terminal means (76) comprises at least one issuing terminal for one or more independent issuers of authorized personal identification cards (10), each of the independent issuers having a distinctive public-key cryptosystem pair unknown to the other issuers.



3. System for allowing authorized users of personal identification cards (10) to effect transactions via at least one transaction terminal (78), comprising a plurality of cards (10), each having therein a signature (22) which is the digital signature of a second data string (Q), the second data string (Q) being derived from a first data string (20) derived from a physical characteristic associated with a respective user, the second data string (Q) being derived from the first data string (20) by means of a predetermined one-way function (F) and having a length substantially less than the length of the first data string (20), the signature (22) stored in each of said cards (10) having been derived with the same private key (P1, P2) of a public-key cryptosystem pair having a public key (M); and at least one transaction terminal (78) having means for controlling:

(1) the retrieval of the first data string (20) and of the signature (22) stored in an inserted card;

(2) the digital verification of the signature (22) by means of the public key (M) of the public-key cryptosystem pair;

(3) the production of a graphical representation of the first data string (20); and

(4) the carrying out of a transaction only if the signature (22) is verified and the graphical representation matches the user.

4. Terminal (76) for initializing personal identification cards (10), intended for use with at least one transaction terminal (78), each card (10) having therein a memory (16), comprising means for assigning a first data string (20), a portion (20a) of which is derived from a physical characteristic of a user whose card is to be initialized, means for mapping the first data string (20) with a predetermined one-way function (F) in order to produce a second data string (Q) having a length substantially less than the length of the first data string (20), means for deriving a digital signature (22) from the second data string (Q), the signature of each user being derived from a private key (P1, P2) of a public-key cryptosystem pair also having a public key (M), and means for controlling the storage in a user card (10) of the respective derived digital signature (22).

5. Personal identification card (10) intended for use in effecting transactions via at least one transaction terminal (78), comprising a body portion (12), a memory (16) in said body portion for storing a signature (22), said signature (22) being the digital signature of a second data string (Q) derived from a first data string (20) having at least a portion (20a) derived from a physical characteristic of a respective card user, the second data string (Q) being derived from the first data string (20) by means of a predetermined one-way function (F) and having a length substantially less than the length of the first data string (20), in which said signature (22) is derived from the second data string (Q) with the private key (P1, P2) of a public-key cryptosystem pair.

6. Method for allowing an authorized user of a personal identification card (10) to effect a transaction by means of a transaction terminal (78), the personal identification card (10) having user-characteristic data (20) derived from a physical characteristic of the authorized user and not needing to be kept secret, and a signature (22) of the user-characteristic data (20) derived from a private key (P1, P2) of a public-key cryptosystem pair, the public-key cryptosystem pair also comprising a public key (M), the method comprising the steps of:

receiving the personal identification card (10) at the transaction terminal (78);

digitally verifying, by means of the public key (M), that the signature (22) on the personal identification card (10) received at the transaction terminal (78) can be produced from the user-characteristic data (20); and

if the signature (22) can be produced from the user-characteristic data (20) by means of the public key (M), displaying a representation of the user-characteristic data (20) on a display (96) of the transaction terminal (78), in order to allow its operator to verify that the user is authorized to effect a transaction by means of the personal card.

7. Method according to Claim 6, in which both a representation of said physical characteristic of the authorized user and an indication of the validity status of the signature (22) on the personal identification card (10) are displayed on a display of said transaction terminal (78), said representation being produced from the user-characteristic data (20) held on the personal identification card (10).

8. Method according to Claim 6 or 7, in which said signature (22) of the user-characteristic data (20) is derived:

(i) by producing an intermediate data string (Q) from the user-characteristic data by means of a predetermined one-way function (F), the size of the intermediate data string (Q) being substantially less than that of said user-characteristic data; and

(ii) by deriving said signature (22) from said intermediate data string (Q) by means of said private key (P1, P2).